Computer Threats: What to Focus on First
Prioritize your security efforts
Yes, spam is a problem. Screening and deleting junk e-mail wastes your time and your employees'
time. And if a junk e-mail attachment is opened, it may unleash a virus.
But if your company predominantly focuses on battling spammers, you may be ignoring much more
serious threats that can actually cripple your business. When thinking about computer and network
security, begin by sorting out what constitutes a genuine security menace to your computer
systems, and what is mostly a nuisance. Here's guidance to ensure you're drawing the battle lines
in the right place.
E-mail: Lose sleep over attachments, not spam
Studies show that spam makes up the vast majority of all e-mail sent. Junk mail filters like the one
included in Outlook 2003 will help divert these unwelcome messages from your inbox, but will never
prevent all spam from being sent to your e-mail account.
Yet remember: Junk mail by itself will not damage your business. However, there are some e-mail
threats that will.
Viruses and worms: These small but malicious programs are commonly spread by e-mail. They
come in the form of cleverly disguised attachments to messages that trick your employees into
clicking on them. Once installed, viruses infect programs and files, can destroy your data and can
effectively force you to close your business while you disinfect your computers. An e-mail virus
can spread by e-maling itself to people in the your address book — maybe even to your business
partners. Worms are a type of self-replicating virus that uncontrollably spread over networks. Not
all e-mail attachments are dangerous. Still, it is best not to take risks.
Phishing: Some e-mail messages are "phishing" for valuable information. The sender asks for
credit card numbers, network passwords or account numbers. But links in these messages
actually take you to Web sites — that often look legitimate — run by Internet thieves. If you
enter your data, you give those thieves the information they need to get into your computer
system and access company data.
In the example of a phishing e-mail message below, the sender may place a link (1) that appears to
go to the legitimate Web site, but it actually takes you to another address (2), a phony scam site or
possibly a pop-up window that looks exactly like the official site.
• Instruct your employees to never open suspicious attachments that they do not expect.
Remind employees to use extreme caution when responding to messages that ask for passwords
or account information. If they have any doubts about the validity of the e-mail, they should
contact the sender by phone and verify the legitimacy of the request.
In the event a virus-infected attachment is opened, make sure your antivirus software is up-to-
date and that you have installed security updates for your operating system and other software.
The Internet: Fear downloads before pop-ups
Pop-up ads in your browser window are indeed annoying. They interfere with Web surfing and
searching. But, like junk e-mail, they pose a minor threat to your business. Programs that your
employees download from the Web are another story, however.
Viruses and spyware: Programs downloaded from Web sites can contain viruses and
"spyware." Spyware can enter your computer systems through infected e-mail messages and can
secretly monitor what employees type and record account numbers and passwords. Spyware can
also enter your computer through security holes in the software you use.
Adware: Adware installs itself in a similar manner to spyware, though it typically just displays
extra advertisements when you are online. Adware can slow down your computer and it can be
frustrating to try to close all the extra pop-up windows, but it will not destroy your data.
Create a security policy that clearly states what employees can download to their office
computer, and what they cannot. Explain in person to employees why the policy is important.
Consider using software that checks for and removes spyware. Microsoft has a free Windows
AntiSpyware program and a Malicious Software Removal Tool you can use to rid your PCs of
Use a firewall on your PC and a router for network protection. The combination of activating the
built-in Windows Firewall and adding a network protection device enables you to filter or block
Internet traffic to and from dangerous sites.
Make sure your antivirus software is up-to-date and that you use it often to thoroughly scan your
system. If antivirus software was installed on your new PC for a trial period, make sure to buy a
subscription after the period expires, or to buy and install a new antivirus product.
Regularly check with your software manufacturers to make sure you have downloaded and
installed the latest updates to patch security holes. If available, use an automatic update service
like the one available with Windows XP.
Data Protection: Worry about backups before hackers
Hackers — Internet intruders who work their way into your computer network — garner
considerable media attention, especially those who are identified and captured. But you have more
to fear from bad data back-up habits than cyber villains. Without regular data back ups, hardware
failures, accidental deletions, and floods and fires can permanently wipe out all your sales records,
customer contact information and order history — the data that is the core of your business.
Back up your data weekly if not daily to a CD, shared folder on a network, or second hard drive.
Windows XP includes a back-up utility that can perform scheduled back-ups.
Test your backups regularly by restoring your data to a test location. Otherwise, you'll never
know if the data can be successfully restored if and when you need it.
Keep a copy of your weekly back-ups at another location to protect them in case of a fire, break-
in or other disaster.
One of the keys to business success is setting the right priorities. The same is true when protecting
your business computers. Understand that not every computing problem carries a security risk —
but make sure to address the ones that do.
focus-on-first.mspx accessed 03/08/2007